Administration Console Online Help

Manage security
policies

Security policies specify
which users, groups, or security roles can access WebLogic resources. As
part of creating a policy, you specify conditions (such as time
constraints) under which a user, group, or role can access
resources.

You can create a root level policy, which applies to all
instances of a specific resource type. For example, you can define a
root level policy that applies to all JMS resources in your domain. You
can also create a policy that applies to a specific resource instance.
If the instance contains other resources, the policy will apply to the
included resource as well. For example, you can create a policy for an
entire enterprise application (EAR), an EJB JAR containing multiple
EJBs, a particular EJB within that JAR, or a single method within that
EJB.

The policy of a narrower scope overrides policy of a broader scope.
For example, if you create a security policy for an EAR and a policy for
an EJB that is in the EAR, the EJB will be protected by its own policy
and will ignore the policy for the EAR.

To create security roles in a WebLogic security realm:

To create root level policies:

Review the root level policies that WebLogic Server provides
and determine if these are sufficient for your needs.